As Internet use has grown, many types of convenient electronic commerce have been made possible, such as, for example, buying goods and services online, banking online, and using automatic teller machines (ATM) that are linked to remote banks. But the very convenience of electronic commerce has made it easier for thieves to steal valuable information and/or to pose as someone they are not to purchase goods, withdraw money from bank accounts, and so on.
Accordingly, affording security in electronic transactions is crucial. To this end, many electronic transactions are encrypted, to conceal private information being exchanged. But encryption is only one aspect of security, since it is possible for a thief to break the encryption or to come into possession of an otherwise valid item such as a credit card, pose as the owner, and participate in an encrypted transaction.
With this in mind, it readily may be appreciated that authentication is an important aspect of security. In terms of electronic commerce, the person seeking authentication does so through a computer interface. Consequently, it normally is not feasible to resort to checking a biological feature of the person (appearance, handwritten signature, fingerprint, and so on) to verify that the person is who he says he is, absent the widespread installation of an infrastructure of bio-sensing computer accessories.
This leaves two authentication factors available, namely, authenticating a person based on something the person has, such as a credit card or key fob, or based on something the person knows, such as a password or personal identification number (PIN). For some particularly sensitive applications such as ATM money withdrawals, both factors might be desirable.
Currently, a user of an ATM engages an authentication device such as a credit card with the ATM, and then inputs a PIN. In this way, two factor authentication is achieved. However, the ATM must transmit both the secret information on the card and the PIN to a central bank computer for authentication. Consequently, the link between the bank and the ATM must be secure to prevent a thief from eavesdropping on the line and discovering both authentication factors, which otherwise could enable the thief to steal money from the user's account. This places a considerable burden on the link infrastructure.
The above-identified patent applications disclose hand-held sonic-based “tokens” that a person can manipulate to transmit an acoustic signal representing secret information to a device, referred to as an “authenticator”, “verifier”, or “receiver”, to authenticate the person based on the signal. As recognized in those applications, the advantage of sonic-based tokens is that a large installed infrastructure already exists to receive and transmit sound and electronic signals derived from sound. Specifically, the global telephone system exists to transmit data representative of acoustic information, and apart from telephones many computing devices that are now linked by this same system (as embodied in the Internet) have microphones and speakers (or can easily be modified to have them).
As recognized herein, when used in the context of ATMs, sonic tokens have the advantage of transmitting the private information on the token to the ATM in a fashion that prevents the ATM from being able to forge the private information without a confidential key. The ATM simply sends the private information to the central bank computer for authentication. Thus, neither the ATM nor the link between the ATM and the bank need be secure to protect this authentication factor. However, the present invention further recognizes that the second authentication factor—the PIN—still requires link security. This is because PINs generally consist of only 4-6 digits, and an attacker could snoop the line between the ATM and bank, and if the communication allowed a guessed PIN to be verified, the attacker could simply try out the million or so possible PIN values and remember the one that worked until such time as the attacker could steal the token and gain access to the account. Consequently, secure communication between the bank and ATM, unfortunately, would still be required.
Having recognized the above problem, the invention disclosed herein is provided.